Tutorial by Examples

XSS means cross-site scripting. CodeIgniter comes with XSS filtering security. This filter will prevent any malicious JavaScript code or any other code that attempts to hijack cookie and do malicious activities. To filter data through the XSS filter, use the xss_clean() method as shown below. $data...

SQL injection is an attack made on the database query. In PHP, we use mysql_real_escape_string() function to prevent this along with other techniques but CodeIgniter provides inbuilt functions and libraries to prevent this. We can prevent SQL Injection in CodeIgniter in the following three ways − ...

In production environment, we often do not want to display any error message to the users. It is good if it is enabled in the development environment for debugging purposes. These error messages may contain some information, which we should not show to the site users for security reasons. There are...

CSRF stands for cross-site request forgery. You can prevent this attack by enabling an option in the application/config/config.php file as shown below. $config['csrf_protection'] = TRUE; When you create a form using the form_open() function, it will automatically insert a CSRF token in a hidden ...

// XSS Filtering $data = array( 'name'=> '<script>Abuse Data</script>' ); $data = $this->security->xss_clean($data); // Clean Data // Escaping Queries <?php $username = $this->input->post('username'); $query = 'SELECT * FROM subscribers_tbl ...

Don't rely on any user input. user input everything like <script> tag or any javascript alert(); so we have to prevent this all data will no run in our browser. so we have to use xss prevention method to restrict our secure data to kept in hacker hand and also it's developer's responsibility t...